Iran is engaging in “malicious cyber activity” against key United States individuals including government officials and people involved in political campaigns, according to a joint cybersecurity advisory issued by multiple U.S. agencies and a UK agency.
The FBI has also observed these threat actors targeting people associated with U.S. political campaigns.
“The cyber actors working on behalf of the IRGC gain access to victims’ personal and business accounts using social engineering techniques, often impersonating professional contacts on email or messaging platforms,” the advisory states.
“In addition, these actors might attempt to impersonate known email service providers to solicit sensitive user security information on email or messaging platforms.”
The joint advisory was issued by the FBI, the U.S. Cyber Command-Cyber National Mission Force, the U.S. Treasury Department, and the UK’s National Cyber Security Centre.
The hackers could also impersonate individuals known to victims, portraying themselves as associates or family members. Victims may receive interview requests from accounts of well-known journalists, invitations to embassy events or conferences, and speaking engagement requests.
“The actors often attempt to build rapport before soliciting victims to access a document via a hyperlink, which redirects victims to a false email account login page for the purpose of capturing credentials,” the advisory states.
Victims may be prompted to input two-factor authentication codes, asked to send the codes via a messaging app, or asked to interact with phone notifications so that the cyber actors gain access to their accounts.
“Victims sometimes gain access to the document but may receive a login error,” the advisory states.
Iranian Hacking Threat
In August, multiple U.S. agencies issued a warning that cyber actors from Iran were looking to exploit U.S. and foreign organizations, targeting sectors such as education, health care, finance, and defense. The FBI assessed that these groups’ activities against U.S. entities were aimed at eventually engaging in ransomware operations.
Using malware and phishing attacks, the threat actors tried to hack into more than two dozen U.S. companies and government entities.
“Iranian malicious cyber actors continue to target U.S. companies and government entities in a coordinated, multi-pronged campaign intended to destabilize our critical infrastructure and cause harm to our citizens,” Brian Nelson, Treasury undersecretary for terrorism and financial intelligence, said at the time.
“The United States will continue to leverage our whole-of-government approach to expose and disrupt these networks’ operations.”
More than a dozen U.S. companies and the Treasury and State departments have been targeted. In one incident, the defendant and co-conspirators compromised more than 200,000 employee accounts.